French Ministry of Health – Violation Found (France, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The French Ministry of Health faced scrutiny over its StopCovid app for not fully complying with GDPR rules. While the app had some issues, they weren't related to cookies or consent. This matters because it highlights the importance of following privacy regulations in health-related apps.
What happened
The CNIL found compliance issues with the StopCovid app related to GDPR rules.
Who was affected
Users of the StopCovid app who may have had their data handled improperly.
What the authority found
The CNIL identified GDPR compliance issues but did not classify them as violations related to cookies or consent mechanisms.
Why this matters
This case shows that even government health apps must adhere to privacy regulations. It serves as a reminder for app developers to ensure their products comply with GDPR.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
In the context of the worldwide health crisis caused by Covid-19, the French Ministry of Health decided to make an application available to its citizens, aiming to improve the detection process of infections. The application "StopCovid" thus enables its users to inform their phone contacts, whom they have recently met or even only shortly been in contact with, if they have been infected with the virus. The users can also be informed by the application if they have encountered or found themselves at proximity of another user of the application who has declared having been infected. With regard to the nature of the data processing and the important number of users, the CNIL decided to investigate in order to make sure that the processing be carried out in accordance with the applicable provisions. Is the application "StopCovid" compliant with the applicable provisions of the GDPR and the national data protection law? The CNIL held that, in the main, the application "StopCovid" complied with the applicable data protection laws. However, the authority revealed a failure to comply with some of the provisions of the GDPR and the "loi informatique et libertés". Regarding, on one hand, the violation of the GDPR, the CNIL reminded the Ministry of Health that data has to be processed lawfully, fairly and in a transparent manner in relation to the data subject (Art. 5(1)(a) GDPR). The fact that when the information given by the user, indicating they had been infected by the Covid-19, was transferred to all their contacts and not only to the contacts they had recently found themselves at proximity of, was a direct violation of the principle of lawfulness and the Art. 2(5) of the national decree relating to the data processing carried out through "StopCovid". Moreover, the privacy policy aiming to inform the users of the data processing lacked precision regarding categories of data being processed and recipients of the data. A data processor being involved in the processin
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for French Ministry of Health in FR
This is the only recorded action for this entity in this jurisdiction.
Details
Decision Date
15 July 2020
Authority
Commission Nationale de l'Informatique et des Libertés
GDPRhub ID
gdprhub-2589About this data
Cite as: Cookie Fines. French Ministry of Health - France (2020). Retrieved from cookiefines.eu
Last updated: